Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BR: Support encryption for restored ebs volumes (#48900) #48937

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion br/pkg/aws/ebs.go
Original file line number Diff line number Diff line change
Expand Up @@ -285,7 +285,7 @@ func (e *EC2Session) DeleteSnapshots(snapIDMap map[string]string) {
// CreateVolumes create volumes from snapshots
// if err happens in the middle, return half-done result
// returned map: store id -> old volume id -> new volume id
func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, targetAZ string) (map[string]string, error) {
func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, encrypted bool, targetAZ string) (map[string]string, error) {
template := ec2.CreateVolumeInput{
VolumeType: &volumeType,
}
Expand All @@ -295,6 +295,7 @@ func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType strin
if throughput > 0 {
template.SetThroughput(throughput)
}
template.Encrypted = &encrypted

newVolumeIDMap := make(map[string]string)
var mutex sync.Mutex
Expand Down
4 changes: 4 additions & 0 deletions br/pkg/task/restore.go
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ type RestoreConfig struct {
VolumeType pconfig.EBSVolumeType `json:"volume-type" toml:"volume-type"`
VolumeIOPS int64 `json:"volume-iops" toml:"volume-iops"`
VolumeThroughput int64 `json:"volume-throughput" toml:"volume-throughput"`
VolumeEncrypted bool `json:"volume-encrypted" toml:"volume-encrypted"`
ProgressFile string `json:"progress-file" toml:"progress-file"`
TargetAZ string `json:"target-az" toml:"target-az"`
}
Expand Down Expand Up @@ -380,6 +381,9 @@ func (cfg *RestoreConfig) ParseFromFlags(flags *pflag.FlagSet) error {
if cfg.VolumeThroughput, err = flags.GetInt64(flagVolumeThroughput); err != nil {
return errors.Trace(err)
}
if cfg.VolumeEncrypted, err = flags.GetBool(flagVolumeEncrypted); err != nil {
return errors.Trace(err)
}

cfg.ProgressFile, err = flags.GetString(flagProgressFile)
if err != nil {
Expand Down
5 changes: 4 additions & 1 deletion br/pkg/task/restore_ebs_meta.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ const (
flagVolumeType = "volume-type"
flagVolumeIOPS = "volume-iops"
flagVolumeThroughput = "volume-throughput"
flagVolumeEncrypted = "volume-encrypted"
flagTargetAZ = "target-az"
)

Expand All @@ -54,6 +55,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
command.Flags().String(flagVolumeType, string(config.GP3Volume), "volume type: gp3, io1, io2")
command.Flags().Int64(flagVolumeIOPS, 0, "volume iops(0 means default for that volume type)")
command.Flags().Int64(flagVolumeThroughput, 0, "volume throughout in MiB/s(0 means default for that volume type)")
command.Flags().Bool(flagVolumeEncrypted, false, "whether encryption is enabled for the volume")
command.Flags().String(flagProgressFile, "progress.txt", "the file name of progress file")
command.Flags().String(flagTargetAZ, "", "the target AZ for restored volumes")

Expand All @@ -65,6 +67,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
_ = command.Flags().MarkHidden(flagVolumeType)
_ = command.Flags().MarkHidden(flagVolumeIOPS)
_ = command.Flags().MarkHidden(flagVolumeThroughput)
_ = command.Flags().MarkHidden(flagVolumeEncrypted)
_ = command.Flags().MarkHidden(flagProgressFile)
_ = command.Flags().MarkHidden(flagTargetAZ)
}
Expand Down Expand Up @@ -238,7 +241,7 @@ func (h *restoreEBSMetaHelper) restoreVolumes(progress glue.Progress) (map[strin
}
}()
volumeIDMap, err = ec2Session.CreateVolumes(h.metaInfo,
string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.TargetAZ)
string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.VolumeEncrypted, h.cfg.TargetAZ)
if err != nil {
return nil, 0, errors.Trace(err)
}
Expand Down